DUAL_EC_DRBG Backdoors And Why You Should Care

It is looking more and more likely pretty damned obvious that the NSA managed to get a weakness introduced into a widely used random number generating algorithm standard (DUAL_EC_DRBG) that was approved for use by NIST (the National Institute of Standards and Technology) for US Government use. Such standards are widely adopted by commercial products, both those sold to the Government and those that just want to enjoy the benefit of using a standard blessed by people who Know About Such Things.

This is scary, because a weakness in a random number standard means that someone might be able to predict cryptographic information based on that "random" number that was generated by that weakened algorithm, which could lead to a compromise of encryption keys and other nasty things.

The really scary part is that a number of cryptographers sounded the alarm years ago - but few people, it seems, were listening - or could make the leap of faith required to believe that there could be malfeasance involved. Today, thanks to Edward Snowden, no such leap is required anymore, and companies that were using this random number generating algorithm are warning their customers not to use it and are likely working feverishly to remove it from their products. NIST is also warning against the use of DUAL_EC_DRBG. Amongst the major companies using the DUAL_EC_DRBG: Microsoft, in several versions of Windows.


I'm intentionally not delving into the nuts and bolts of random number theory here for two reasons: First, many people get cross-eyed when you get much deeper than this and start watching reruns of Gilligan's Island.

Second, my colleague Mike Yoder wrote an excellent blog post on the topic.

As for me, I'll be polishing my tinfoil hat and preparing to don it. But in all seriousness, this was a wakeup call for the entire IT security industry to not blindly trust/be coerced into using Government standards for things that keep us and our data safe and secure.